DNS Root NameServers

Similar documents
DNS Basics. DNS Basics

DNS. The Root Name Servers. DNS Hierarchy. Computer System Security and Management SMD139. Root name server. .se name server. .

Distributed Systems. 09. Naming. Paul Krzyzanowski. Rutgers University. Fall 2015

THE MASTER LIST OF DNS TERMINOLOGY. v 2.0

Computer Networks: DNS a2acks CS 1951e - Computer Systems Security: Principles and Prac>ce. Domain Name System

Part I - Gathering WHOIS Information

Introduction to the Domain Name System

How to set up the Integrated DNS Server for Inbound Load Balancing

Glossary of Technical Terms Related to IPv6

ECE 4321 Computer Networks. Network Programming

DNS and BIND. David White

Local DNS Attack Lab. 1 Lab Overview. 2 Lab Environment. SEED Labs Local DNS Attack Lab 1

Chapter 25 Domain Name System Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

3. The Domain Name Service

THE MASTER LIST OF DNS TERMINOLOGY. First Edition

DNSSEC - Why Network Operators Should Care And How To Accelerate Deployment

DNS Domain Name System

Computer Networks: Domain Name System

FAQ (Frequently Asked Questions)

Domain Name System (DNS) Fundamentals

what s in a name? taking a deeper look at the domain name system mike boylan penn state mac admins conference

Basic DNS Course. Module 1. DNS Theory. Ron Aitchison ZYTRAX, Inc. Page 1 of 24

Configuring your network settings to use Google Public DNS

ARP and DNS. ARP entries are cached by network devices to save time, these cached entries make up a table

DNS and BIND Primer. Pete Nesbitt linux1.ca. April 2012

Deploying DNSSEC: From End-Customer To Content

DNS (Domain Name System) is the system & protocol that translates domain names to IP addresses.

Internet Structure and Organization

- Domain Name System -

Using Webmin and Bind9 to Setup DNS Sever on Linux

LAB: Concept of DNS. Completed by: Learning the basics of DNS. Lab preparation: Boot a Linux OS Document version: Class: Name: Surname:

Zimbra :: The Leader in Open Source Collaboration. Administrator's PowerTip #3: June 21, 2007 Zimbra Forums - Zimbra wiki - Zimbra Blog

Domain Name System. Heng Sovannarith

The Internet Ecosystem and ICANN!! Steve Stanford University, Center for Information and Society! 29 April 2013!

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

DNS Risks, DNSSEC. Olaf M. Kolkman and Allison Mankin. and 8 Feb 2006 Stichting NLnet Labs

OVERVIEW OF THE DNS AND GLOSSARY OF TERMS

OpenSRS Service DNS Configuration Guide

How-to: DNS Enumeration

How to Add Domains and DNS Records

Understand Names Resolution

Internet-Praktikum I Lab 3: DNS

Networking Domain Name System

How to Configure the Windows DNS Server

Domain Name System (DNS) Session-1: Fundamentals. Ayitey Bulley

Configuring DNS. Finding Feature Information

DNS Server Operation & Configuration

Domain Name System (DNS) RFC 1034 RFC

DNS & IPv6. Agenda 4/14/2009. MENOG4, 8-9 April Raed Al-Fayez SaudiNIC CITC rfayez@citc.gov.sa, DNS & IPv6.

Lesson 13: DNS Security. Javier Osuna GMV Head of Security and Process Consulting Division

Advanced Internetworking

Lab 2. CS-335a. Fall 2012 Computer Science Department. Manolis Surligas

CSIS 3230 Computer Networking Principles, Spring 2012 Lab 7 Domain Name System (DNS)

Names vs. Addresses. Flat vs. Hierarchical Space. Domain Name System (DNS) Computer Networks. Lecture 5: Domain Name System

DNS Pharming Attack Lab

How To Guide Edge Network Appliance How To Guide:

Decoding DNS data. Using DNS traffic analysis to identify cyber security threats, server misconfigurations and software bugs

The IANA Functions. An Introduction to the Internet Assigned Numbers Authority (IANA) Functions

DNS. Computer Networks. Seminar 12

Configuring an External Domain

INTERNET DOMAIN NAME SYSTEM

A Plan for the Continued Development of the DNS Statistics Collector

ISP Systems Design. ISP Workshops. Last updated 24 April 2013

The Internet. On October 24, 1995, the FNC unanimously passed a resolution defining the term Internet.

Internet Bodies.

ITIS 2110 Lab 11: Domain Name Server. Tyler Everhart 11/12/2010

Terminology. Internet Addressing System

The Internet Introductory material.

The Domain Name System: An Integral Part of the Internet. By Keiko Ishioka

Conquering the Challenges of IP Network Management with DHCP and DNS

Domain Name System (DNS)

DNS. Computer networks - Administration 1DV202. fredag 30 mars 12

THE DOMAIN NAME SYSTEM DNS

An Introduction to the Domain Name System

DNS and issues in connecting UNINET-ZA to the Internet

Unit Objectives. IP Addressing Basics. Component 4: Introduction to Information and Computer Science. Unit 7: Networks & Networking Lecture 2

Classifying DNS Heavy User Traffic by using Hierarchical Aggregate Entropy. 2012/3/5 Keisuke Ishibashi, Kazumichi Sato NTT Service Integration Labs

Network Layers. CSC358 - Introduction to Computer Networks

Configuration Notes 0215

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

Domain Name Server. Training Division National Informatics Centre New Delhi

You can specify IPv4 and IPv6 addresses while performing various tasks in this feature. The resource

Monitoring the DNS. Gustavo Lozano Event Name XX XXXX 2015

Use Domain Name System and IP Version 6

Section 1 Overview Section 2 Home... 5

How To Use The Domain Name Server (Dns)

Domain Name System DNS

LAN TCP/IP and DHCP Setup

How to connect your new virtual machine to the Internet

DNS based Load Balancing with Fault Tolerance

Lab - Observing DNS Resolution

The Domain Name System

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

Transcription:

DNS Root NameServers An Overview Dr. Farid Farahmand Updated: 9/24/12

Who- is- Who! Over half million networks are connected to the Internet 5 billion users by 2015! Network numbers are managed by ICANN (Internet Corporation for Assigned Names and Numbers) - http://www.icann.org/ Delegates part of address assignments to regional authorities called registrars Registrars are authorized by ICANN to assign blocks of addresses IP address blocks are given to ISPs and companies ISPs distribute individual addresses to users and organizations

ICANN OrganizaFon The Internet CorporaFon for Assigned Names and Numbers (ICANN) ICANN is a non- profit organizafon It is under a contract with DoC (U.S. department of commerce) The United States Department of Commerce who must approve all changes requested to addressing (Zone files) by ICANN. Responsible for coordinafng the Internet's systems of unique idenffiers, including the systems of domain names and numeric addresses that are used to reach computers on the Internet ICANN assigns address blocks to regional Internet registries (RIR) There are five RIR (e.g., Africa or US- Canada) In U.S. RIR is called The American Registry for Internet Numbers (ARIN)

IANA FuncFon The ICANN is under contract (since 1998) with the United States Department of Commerce to perform the IANA funcfon Internet Assigned Numbers Authority IANA The IANA funcfons includes Internet Protocol (IP) address space allocafon, protocol idenffier assignment generic (gtld) and country code (cctld) Top- Level Domain name system management root server system management funcfons

ARIN & AS In U.S. Regional Internet Registries is called The American Registry for Internet Numbers (ARIN) ARIN manages the distribufon of Internet number resources, including IPv4 and IPv6 address space and AS numbers Autonomous System (AS) is a collecfon of connected Internet Protocol (IP) roufng prefixes under the control of one or more network operators Example: AT&T has AS# 7018 Border Gateway Protocol (BGP) uses the AS# for roufng purposes

Nameserver The enfre Internet is managed through special hierarchical addressing system In order to reach a desfnafon, each request must find out about the IP address of the domain (desfnafon s physical locafon) it is trying to reach Thus, before sending a request, the source must perform a query to learn about the IP address of the desfnafon node The queries (quesfons) are sent to authoritafve nameservers An authorita2ve nameserver is a name server that gives answers in response to quesfons asked about names in a zones AuthoritaFve only Only answer to queries about a zone Cashing name server They are configured to give authoritafve answers to queries for some zones and act as a caching name server for all other zones. DNS zones may consist of only one domain, or may comprise many domains and sub- domains Each Zone is defined by a Zone File A Zone File contains specificafon for host addressing, name aliasing, electronic mail roufng, backup server systems, geographic locafon, administrafve contacts, and many other pieces of informafon Each entry has a DNS record types (e.g., A=address record; MX=Mail exchange record) The Root Zone is controlled by the United States Department of Commerce who must approve all changes to the root zone file requested by ICANN.

A fully qualified domain name (FQDN) A fully qualified domain name (FQDN) is a domain name that specifies its exact locafon in the tree hierarchy of the Domain Name System (DNS) It is an authorita2ve name server It specifies all domain levels For example, given a device with a local hostname myhost and a parent domain name example.com, the fully qualified domain name is myhost.example.com The FQDN therefore uniquely idenffies the device while there may be many hosts in the world called myhost, there can only be one myhost.example.com. In DNS zone files, a fully qualified domain name is specified with a trailing dot. For example, myhost.example.com.

BIND Sojware The obvious quesfon is how does DNS operafon actually take place? Using DNS sojware Berkeley Internet Name Domain(BIND) is the de facto standard for running DNS on Unix- like OS Developed by four graduate students at the Computer Systems Research Group at Berkeley A new version of BIND (BIND 9) was wrilen by the ISC (Internet Systems ConsorFum, Inc., ) from scratch Included new features: IPv6, remote name daemon control, etc. All Zone- files, thus follow BIND- style

NSD Sojware Another notable sojware is NSD for name server daemon Daemon is a background process that handles requests for service NSD is an open- source server program for the Domain Name System Developed by NLnet Labs of Amsterdam Uses the standard TCP/UDP port 53 Latest version is 3 Main advantage is more efficient memory usage: e.g., for serving domains, NSD can save significant RAM space (PROJECT IDEA) Remember: It is all about cache! Three root nameservers have switched from BIND to NSD k.root- servers.net h.root- servers.net (there are three H1, H2, H3) l.root- servers.net hlp://www.nlnetlabs.nl/projects/nsd/index.html

Finding the IP Address for a Domain (Name ResoluFon) Root nameserver e.g., a- root- server.com TLD; e.g., a- gtld- server.net e.g., ns1- tnwgt.net

Example of Hierarchical Naming DNS Root nameserver e.g., DNS server: 192.5.5.241 (f.root- servers.net.) A third- level domain A second- level domain (SLD) it refers to the organizafon that registered the domain name e.g., DNS TLD: e.g., a.gtld- servers.net with two IP address IPv4: 192.5.6.30, IPv6: 2001:503:a83e::2:30

Example of Hierarchical Naming DNS Root nameserver e.g., DNS server: 192.5.5.241 (f.root- servers.net.) A third- level domain A second- level domain (SLD) it refers to the organizafon that registered the domain name e.g., DNS TLD: e.g., a.gtld- servers.net with two IP address IPv4: 192.5.6.30, IPv6: 2001:503:a83e::2:30

Root nameservers There are currently 13 root name servers specified, with names in the form le#er.root- servers.net, where le#er ranges from A to M.

There are currently 13 root name servers specified, with names in the form le#er.root- servers.net, where le#er ranges from A to M. IN_MY_MAC:~ farid11$ dig

There are currently 13 root name servers specified, with names in the form le#er.root- servers.net, where le#er ranges from A to M. hlp://public- root.com/root- server- check/index.htm

Who Controls the Namesever As an example Internet Systems ConsorFum (ISC) operates one of the 13 global authoritafve DNS root servers, F- root This server uses BIND sojware It has two addresses (IPv4 and IPv6)

Who is ISC Internet Systems ConsorFum ISC, is a non- profit corporafon (in Delaware) supporfng the infrastructure of the Internet It develops and maintains sojware, protocols, and operafons For example they developed BIND 9.0 and Dynamic Host ConfiguraFon Protocol (DHCP)

How many gtld (generic Top- Level Domain)?

gtld hlp://en.wikipedia.org/wiki/generic_top- level_domain

What authority does gtld have?

TesFng the Public Root Servers Go to hlp://public- root.com Do Root- Server- Check and examine which Root Servers are up Do Root- Server- LocaFon and see where they are located at Get informafon about E.Root.Server Where is it?

A PracFcal Example! When you visit a Web site, you need the DNS server to resolve your requested domain name. The DNS server of your workstafon queries for name resolufon and it is typically run by your ISP If you find out that the DNS server is too slow, you can change your DNS!!

A PracFcal Example! cont. Using my MacBook Pro I did: cat /etc/resolv.conf I am connected to Wayport.net machines The dynamic DNS that I have received is 192.168.5.1 This is where my machine goes and make query Let s say the DNS ended up being very slow. So, I want to change it to another machine which is faster so I can brows quicker! I decided to use Google Public DNS, instead (8.8.8.8) hlp://www.ifsfmed.com/?data=8.8.8.8&action_type=resolve Go to hlp://www.plus.net/support/sojware/dns/changing_dns_mac.shtml To learn how to change your DNS in your MAC.

A PracFcal Example! cont. Using my MacBook Pro I did: cat /etc/resolv.conf Let s say the DNS ended up being very slow. So, I want to change it to another machine which is faster so I can brows quicker! I am connected to Wayport.net machines The dynamic DNS that I have received is 192.168.5.1 This is where my machine goes and make query I decided to use Google Public DNS, instead (8.8.8.8) hlp://www.ifsfmed.com/? DATA=8.8.8.8&ACTION_TYPE=Resolve This is using the default DNS! Go to hlp://www.plus.net/support/ sojware/dns/ changing_dns_mac.shtml To learn how to change your DNS in your MAC.

Commands Here are a series of command I used on my MAC to measure the Address ResoluFon using different DNS servers: dscacheutil -flushcache // flush the cache time nslookup www.google.com 125.22.47.125 time nslookup www.google.com 208.67.222.222 I used these to compare the performance of the two DNS servers Thus, for DNS server 125.22.47.125, it took 15 millisecond to resolve my Google query!! Here is the informafon about the DNS server: hlp://www.ifsfmed.com/?data=125.22.27.125&action_type=resolve

DNS Cache Poisoning DNS cache poisoning is a data integrity compromise in the Domain Name System (DNS) Read: hlp://adventuresinsecurity.com/papers/ DNS_Cache_Poisoning.pdf Short Video: hlp://www.youtube.com/watch? v=1d1tuefyn4u This is a nice demo if you can follow it: hlp://www.videosurf.com/video/dns- cache- poisoning- demo- 1240529251

References Learn about Google DNS hlp://code.google.com/speed/public- dns/ Free DNS servers hlp://theos.in/windows- xp/free- fast- public- dns- server- list/

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information